C850 Emerging Technologies PDF

Preview

Summary

Emerging Technologies CWGU UniversityCase Study Summary/Organizational NeedTechFite is a Houston based company that produces medical devices for the space program. Because the company works with NASA and is providing a proprietary technology, security is the company's top priority. Based on the RFP ...

Description

Emerging Technologies C850

WGU University

Case Study Summary/Organizational Need TechFite is a Houston based company that produces medical devices for the space program. Because the company works with NASA and is providing a proprietary technology, security is the company's top priority. Based on the RFP Techfite needs FISMA compliant logging that happens in real time using NIST as a security framework. Servers will need to be installed with fake data loaded to attract hackers. This will allow the security team or the solution to gather information about the various threats that may arise. The logging information will need to be stored for longer periods of time due to the company wanting to expand its business and collaborate with other institutions overseas. The solution should scan logs, be able to detect new threats and store the logs for at least a year.

Emerging Technology Solution The most effective solution for the situation at hand SIEM using AI (artificial intelligence). AI technology is becoming more popular and will become a standard household technology in the future. Artificial Intelligence is when a computer system is programmed to make intelligent decisions without the user having to submit direct input, meaning the system learns on its own. According to an article on comptia.org, IDC projected that companies would spend $12.5 billion in 2017 and this number will increase at 54.4% through the year 2020. Since Techfites system administrators need to be focused on other tasks, AI would be the ideal solution to this problem because they won’t have to scan the firewall logs manually. Stellar Cyber provides an application incorporating SIEM and AI. Their Next Gen SIEM Application is being used by the company 5iron, a cybersecurity company for financial institutions, and they provide a great testimonial. Here is what Jason Bradley, Executive, VP at 5iron had to say about the product, “Stellar Cyber’s platform and price enable 5iron to offer both the solution and our Managed SIEM operations for less than the cost of one employee managing a traditional SIEM.” Not only does Stellar Cybers security application scan but also learn from the logs, it also stores them in a data lake automatically, so that would resolve the storage problem.

Adoption Process The best way to approach evaluating this emerging technology would be to use Gartner’s Street approach. By using this method, the new technology can be introduced and then deployed in a way that will be most effective to meeting the company’s objectives. This method has a set of activities that act as a checklist for best practices for the planning and adoption process. There are six stages to this process. Scope: This stage is necessary for an organization to identify whether the emerging technology will serve its purpose. Scope also helps an organization decide how aggressive they want to be in regard to the suitable level of risk involved in implementing an emerging technology. During this stage an organization can perform an analysis on the competition and build scenarios that identify business problems and opportunities. This step would benefit Techfite in deciding whether SIEM using AI will be beneficial to the organization. Track: The track stage allows an organization to seek out technologies that are relevant from a broad pool of sources. The activities involved in tracking enable the organization to under how mature the emerging technology is and identify whether or not the emerging technology can be used for business applications. The results during this stage can then be communicated to others in the organization so that they can come up with a decision. This stage will help Techfite understand if SIEM with AI is the best solution to their log issue. Rank: This stage helps an organization consider other technology solutions and decide which ones are worth of giving a look. The purpose of this is to identify which technology will bring the most benefit to the organization. By asking probing questions about the value that each of the competing technologies will have for the business. This allows the organization to pit technologies against each other. The positive side of ranking multiple technologies at once is that it brings to light the pros and cons of each and the resources that will need to be allocated for the technology that will be chosen. This step should not be overlooked by Techfite if they intend to find the best emerging technology that will be most beneficial to their needs. Evaluate: In the evaluate stage each technology found in the rank stage will be investigated. Activities in this stage involve paper investigations, prototyping,

piloting and hands-on investigation. This helps the organization under each of the chosen technology’s value and consider the and eliminate any uncertainties or risks that may remain. The end-result of this stage should be whether or not to move forward with the chosen technology. Evaluating each ranked technology will enable Techfite to make an informed decision. Evangelize: During this stage the evaluators will need to get the decision makers on board. The technology needs to inspire the decision makers and educate the those who will influence the adoption of the technology by the organization. The evaluation stage is the time to get leadership and decision makers to see the positive impact that the emerging technology will have on the organization. This stage will be essential when trying to get resourcing to adopt this emerging technology. Transfer: The transfer stage is the final stage in this adoption process. During this stage the staff involved in the previous stages of the process will transfer their knowledge to the engineers that will be deploying the new technology. During this stage the Techfite system administrators will learn the new technology in order to deploy it to the firewall system.

Technology Impact When adopting a new process, especially if it involves emerging technology, an organization should always look at the negative and positive impact that this technology could have on its current processes and the people involved with those processes. SIEM with AI provides easier threat detection which will enable the security team to focus on other tasks. Not only does it provide easier threat detection, it learns about behaviors that may be malicious all on its own. This provides the system administrators with more time to focus on other tasks that will benefit the organization. The downside to using SIEM with AI is that it may cause less work for system administrators. This could cause the company to reconsider these positions and potentially cause layoffs. In order to combat this the organization could assign the system administrators to another project or another department instead of higher new people for new projects.

Technology Comparison Another solution that could be used is an opensource log analysis solution called Graylog. Graylog is easy to use for system administrators and is contains dashboards so that system admins can choose which metrics or data resources they find most valuable. Graylog can provide load balancing across a network of backend servers and can handle several terabytes of log data daily. (Bocetta, 2019) This will enable Techfite to work with companies across the globe and have the log data in one place. A disadvantage to using Graylog is finding support, this is a feature that requires payment and is expensive. Another downside to Graylog is using the search function has logic that is difficult to use at time. (Pros and Cons of Graylog, 2020) Stellar Cyber’s FTA Application provides storage for firewall traffic logs for forensics, compliance and threat hunting. Stellar Cyber leverages machine learning to provides new insights from firewall data and adjusts security analysis settings to what it learns. One disadvantage, as with all things that have AI implementation, it may save so much time that it causes some system admins to become redundant. Another disadvantage is the unpredictability of AI, if it ever fell into the wrong hands or the engineer programming it has bad intentions, the results could be catastrophic to the organization. (Dewan, 2017)

Adoption Success A good method to decide whether the adoption process will be successful or not is to assign several system administrators to implement the STREET process and prioritize this project. Use a program like Gartners Hype Cycle to create graphical metrics that will provide a benchmark. This will allow the engineers to have something to compare the new technology’s performance to. Then have the employees implement the Stellar Cyber application on one of the firewalls and collect the metrics to see how the application performs. During this process if the results are leaning towards the implementation being successful, make sure other business units, end users and other stakeholders in the organization are aware of the emerging technology and how the new implementation is benefiting the company. The evaluating engineers should find a business champion and share the good news with them so that they will advocate the new technology to their colleagues and get forward movement on the project. In order to be positive that the transfer process succeeds, the evaluating engineer should involve relevant staff

during initial activities and at key decision points. If the adoption is unsuccessful, try the opensource solution, Graylog as mentioned previously.

Conclusion TechFite requires a solution to analyze logs for their two-firewall system. Due to the amount of traffic that passes through the firewall, the need for secure collaboration with other organizations across the globe and the need for government agencies to securely access TechFite’s information, the most effective solution would be Stellar Cybers Next-Gen SIEM solutions with AI. This program will allow the firewall logs to be scanned and any new threats automatically learned and added to the whitelist and blacklist. Usually, this is done manually and takes some time, but due to the AI aspect of Stellar Cyber this will take the work away from the system administrators and put it in the hands of the software. Not only does Stellar Cyber scan the logs, the software also stores them in a data lake. In order to ensure that the adoption process is successful, it is recommended to prioritize this project and show metrics to key decision makers. It is also encouraged to get a key management figure on board so that they can be an advocate for the software when it comes time to make the decision to purchase it. I believe that Stellar Cyber will go above and beyond TechFites expectations and provide a FISMA compliant log analysis solution.

Citation

Cybersecurity, Stellar Cyber's Customers Testimonials. (n.d.). Retrieved August 11, 2020, from https://stellarcyber.ai/company/customer-testimonials/ Dewan, C. (2017, May 01). Artificial Intelligence and Its Impact on Cyber Security. Retrieved August 11, 2020, from https://resources.infosecinstitute.com/artificial-intelligence-impact-cybersecurity/ Bocetta, S. (2019, April 03). 5 useful open source log analysis tools. Retrieved August 11, 2020, from https://opensource.com/article/19/4/log-analysis-tools ManageEngine. (n.d.). SIEM Demystified. Retrieved August 11, 2020, from https://www.manageengine.com/log-management/siem/ueba-machine-learning-ai.html Pros and Cons of Graylog 2020. (2020, April 29). Retrieved August 11, 2020, from https://www.trustradius.com/products/graylog/reviews?qs=pros-and-cons...